[Gllug] p2p programs

Paul Rayner paul at ylemsolutions.com
Mon Nov 14 17:32:29 UTC 2005


On 14 Nov 2005, at 16:37, Henry Gilbert wrote:
>
> Don't put words in my mouth.
> I never said that.
> It's easier for you to be binary about the subject
> and pidgeon-hole me into absolutes:
> ie 100% safe, never-get-problems etc.

er, maybe I misread these comments then...

On 13 Nov 2005, at 12:45, Henry Gilbert wrote:

> Linux is indeed safe and I've never came across anyone infected by a
> trojan or a virus in Linux. I still think Desktop Linux viruses is
> theoretically impossible;

...

> All in all, it is extremely safe browsing the net using Desktop Linux.
> There is no self-installing attachments to worry about.
> There is no known succesful exploits that I am aware of.

Linux users have historically been more security aware than Windows 
users as Linux has required the ability to install the OS, and many 
users come from techie backgrounds. Most linux desktop users therefore
  know not to do things like running untrusted programs, know not to use 
root sparingly etc, so are less likely to `catch' any viruses, spyware 
etc. The main reason there are not lots of people writing malware 
attempting to trick linux desktop users into compromising their 
machines is that there are so few linux desktop users compared to 
Windows users.

A desktop linux virus is certainly not impossible. An attachment to an 
email that contains a shell script or other linux executable wouldn't 
be hard to write, nor would a signed Java applet that tries to take 
ownership of your system. If you're running as root, the malware would 
have a free reign over your system.

> I've installed Ubuntu Linux to a group of young webdesigners in Spain.
> Then one day - they were all happy about how Linux is superb as a
> webserver and all.
> They've signed up with some ISP that offered Linux as a webserver.
> Then Two months later, they phone at 1am saying their Fedora Linux got
> badly hacked.
>
Servers *are* more likely to get cracked, but IMO this is mostly 
because they are a far more attractive target to a cracker/script 
kiddie. A powerful server with a dedicated backbone connection is of 
far more use to these people than a PC on dial up or broadband. Also, 
IP ranges likely to contain servers are much more likely to get scanned 
by people wishing to crack linux boxes than ranges used by ISPs for 
broadband.

> A simple browse at webdesigning forums will tell you of similar 
> stories.
> In fact, it _seems_ more Linux webservers get hacked than Windows
> because of lack of expertise and utter negligence of new admins.

If this is the case ( I have no stats as to whether more Windows web 
servers or linux web servers get hacked), perhaps you can see why 
people on this list wish security to be seriously, and take issue with 
some of the points you have made.

> When was the last time an ASP application suffered similar wide-spread 
> exploit?
> And yet PHP Bulletin Boards is plagued with recurring risks.
../../../
(although be careful - typing that on the wrong server could land you 
in jail)

Regards,

Paul
--
Paul Rayner
Ylem Solutions Ltd ~ 32-38 Leman St, London. E1 8EW
Office: 020 7173 6241 ~ Mobile: 07739 143 763 ~ 
Paul.Rayner at YlemSolutions.com

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list